Writing Log Messages

audit_log_format is used to write a log message into a given audit buffer. The prototype of the function is as follows:

kernel/audit.c void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)

As the prototype suggests, audit_log_format is — more or less — a variant of printk. The format string given in fmt is evaluated and filled in with the parameters given by the va_args list, and the resulting string is written into the data space of the socket buffer associated with the audit buffer.

5Note that audit records that are allocated without the_GFP_WAIT flag are considered more urgent. The backlog length threshold at which they are prevented from being created is higher than for other allocation types.

Continue reading here: Closing the Audit

Was this article helpful?

0 0